Class TLSCertificateReloadListener

java.lang.Object
org.apache.catalina.security.TLSCertificateReloadListener
All Implemented Interfaces:
LifecycleListener

public class TLSCertificateReloadListener extends Object implements LifecycleListener
A LifecycleListener that may be used to monitor the expiration dates of TLS certificates and trigger automatic reloading of the TLS configuration a set number of days before the TLS certificate expires.

This listener assumes there is some other process (certbot, cloud infrastructure, etc.) that renews the certificate on a regular basis and replaces the current certificate with the new one.

This listener does NOT re-read the Tomcat configuration from server.xml. If you make changes to server.xml you must restart the Tomcat process to pick up those changes.
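
Because the listener relies on an external process to have replaced the certificate before the reload window opens, an operator can check the on-disk certificate against the same window. The following is an added example, not part of Tomcat or of this Javadoc: it assumes the `openssl` CLI is installed, the function names are hypothetical, and the sample certificate is constructed at run time.

```shell
#!/bin/sh
# Added example, not Tomcat code. Assumes the openssl CLI is available.

# Default from this page: reloading is triggered 14 days before expiry.
DAYS_BEFORE_DEFAULT=14

# in_reload_window CERT_PEM [DAYS]   (hypothetical helper)
# Returns 0 when the certificate expires within DAYS days, meaning the
#           renewal process should already have replaced it.
# Returns 1 when the certificate is still valid beyond the window.
# Returns 2 when the file is unreadable or is not a PEM certificate.
in_reload_window() {
    cert=$1
    days=${2:-$DAYS_BEFORE_DEFAULT}
    [ -r "$cert" ] || return 2
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 2
    # -checkend N exits 0 if the certificate is still valid N seconds from now.
    if openssl x509 -in "$cert" -noout \
            -checkend $((days * 86400)) >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# make_sample_cert DIR VALID_DAYS   (hypothetical helper)
# Writes a constructed self-signed certificate to DIR/cert.pem for the demo.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# Demo: a certificate valid for 30 days, checked against the 14-day default.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir" 30
if in_reload_window "$demo_dir/cert.pem"; then
    echo "renewal overdue: certificate is inside the reload window"
else
    echo "ok: certificate expires outside the reload window"
fi
rm -rf "$demo_dir"
```

Run from the renewal job or a monitoring check, a return value of 0 means the listener's window has opened while the old certificate is still in place.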

  • Constructor Summary

    Constructors
    Constructor
    Description
    TLSCertificateReloadListener()
  • Method Summary

    Modifier and Type
    Method
    Description
    int
    getCheckPeriod()
    Get the time, in seconds, between reloading checks.
    int
    getDaysBefore()
    Get the number of days before a TLS certificate expires by which the new certificate is expected to be in place, so that reloading can be triggered.
    void
    lifecycleEvent(LifecycleEvent event)
    Acknowledge the occurrence of the specified event.
    void
    setCheckPeriod(int checkPeriod)
    Set the time, in seconds, between reloading checks.
    void
    setDaysBefore(int daysBefore)
    Set the number of days before a TLS certificate expires by which the new certificate is expected to be in place, so that reloading can be triggered.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • TLSCertificateReloadListener

      public TLSCertificateReloadListener()
  • Method Details

    • getCheckPeriod

      public int getCheckPeriod()
      Get the time, in seconds, between reloading checks.

      The periodic process for LifecycleListener typically runs much more frequently than this listener requires. This attribute controls the period between checks.

      If not specified, a default of 86,400 seconds (24 hours) is used.

      Returns:
      The time, in seconds, between reloading checks
    • setCheckPeriod

      public void setCheckPeriod(int checkPeriod)
      Set the time, in seconds, between reloading checks.
      Parameters:
      checkPeriod - The new time, in seconds, between reloading checks
    • getDaysBefore

      public int getDaysBefore()
      Get the number of days before a TLS certificate expires by which the new certificate is expected to be in place, so that reloading can be triggered.

      If not specified, a default of 14 days is used.

      Returns:
      The number of days before the expiry of a TLS certificate that the reloading will be triggered
    • setDaysBefore

      public void setDaysBefore(int daysBefore)
      Set the number of days before a TLS certificate expires by which the new certificate is expected to be in place, so that reloading can be triggered.
      Parameters:
      daysBefore - the number of days before the expiry of the current certificate that reloading will be triggered
    • lifecycleEvent

      public void lifecycleEvent(LifecycleEvent event)
      Description copied from interface: LifecycleListener
      Acknowledge the occurrence of the specified event.
      Specified by:
      lifecycleEvent in interface LifecycleListener
      Parameters:
      event - LifecycleEvent that has occurred